Edit firewall for a DigitalOcean droplet like a pro with help from Bobcares.
At Bobcares, we offer solutions to queries as a part of our Server Management Service.
Let’s take a look at this guide by our Support Techs to edit a firewall for a droplet.
How to edit firewall for a DigitalOcean droplet
DigitalOcean Cloud Firewalls are a network-based firewall service for Droplets that comes at no additional cost. Cloud Firewalls block traffic that is not permitted by a rule.
According to our Support Techs, inbound firewall rules define the traffic that is allowed to reach the server, from which sources, and on which ports. If no inbound rules are configured, no incoming traffic is permitted.
Outbound rules define the traffic permitted to leave the server, to which destinations, and on which ports. In case outbound rules are not configured, outbound traffic is permitted.
To manage a firewall's rules, we go to the Firewalls section in Networking. Once we click the name of the firewall, we will see the Rules tab, where we can create new rules and edit or delete existing rules.
How to edit firewall for a DigitalOcean droplet: Create new rules
We can create new inbound and outbound rules by going to either Inbound Rules or Outbound Rules and opening New rule.
According to our Support Engineers, we can define firewall rules only to restrict traffic to and from ports based on sources, connection types, and destinations. We cannot define rules that restrict traffic based on HTTP headers like User-Agent, Content-Type, or X-Forwarded-For.
Furthermore, several common protocols fill in the Port Range and Protocol fields automatically. For instance, if we select HTTP, the Port Range and Protocol are automatically set to port 80 and TCP respectively.
In case any of the services are listening on a non-standard port, we can create a new custom rule to configure it.
How to edit firewall for a DigitalOcean droplet: Custom rules
In order to add a custom rule, we will select Custom. This allows us to define the port range, protocol as well as source or destination.
- Protocol: We can choose either UDP or TCP. Since ICMP does not have port abstraction, we have to select it directly in New rule to allow ICMP traffic.
- Port Range: For UDP and TCP protocols, we specify one of the following:
  - All ports: by leaving the field blank.
  - Range of ports: by entering the starting and ending ports separated by a dash.
  - A single port
  To open multiple non-sequential ports, we create a separate rule for each.
- Sources: For inbound rules, sources allow us to restrict the source of incoming connections:
  - Resources or tags: by entering the name of the tag or resource. This includes VPCs, Droplets, Kubernetes clusters, load balancers, resource tags, and IPv4/IPv6 addresses.
  - IP addresses or IP ranges: by entering a CIDR or individual IP addresses.
  - Types of IP address: by choosing All IPv4 or All IPv6 in the sources field. This allows all IP addresses of that type to connect to the Droplet.
- Destinations: For outbound rules, destinations allow us to restrict where outgoing connections can go.
We can also limit the sources or destinations to:
- DigitalOcean Load Balancers, selected by name, IP address, or tag
- Droplets, selected by name, IP address, or tag
- DigitalOcean Kubernetes clusters, selected by name or tag
- Non-DigitalOcean servers by subnets, CIDR ranges, or IP addresses
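To check what a set of inbound rules admits before applying it, the following added example (not from the original guide or from DigitalOcean) evaluates rules under the block-unless-permitted model described above and flags sensitive ports opened to all addresses. The rule layout, the "0"/"all" spellings for all ports, and the sensitive-port list are assumptions, and the sample rules are constructed.

```python
import ipaddress

# Constructed sample, laid out like the DigitalOcean API's "inbound_rules"
# list (assumed field names: protocol, ports, sources.addresses).
INBOUND_RULES = [
    {"protocol": "tcp", "ports": "80", "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
    {"protocol": "tcp", "ports": "22", "sources": {"addresses": ["203.0.113.0/24"]}},
    {"protocol": "tcp", "ports": "8000-9000", "sources": {"addresses": ["0.0.0.0/0"]}},
    {"protocol": "icmp", "ports": "0", "sources": {"addresses": ["198.51.100.7"]}},
]

def port_span(ports):
    """Return (low, high) for a single port, a dash range, or all ports."""
    if ports in ("", "0", "all"):          # assumed spellings of "all ports"
        return 1, 65535
    low, _, high = ports.partition("-")
    return int(low), int(high or low)

def source_matches(rule, src_ip):
    """True if src_ip falls inside any address or CIDR listed as a source."""
    ip = ipaddress.ip_address(src_ip)
    for entry in rule["sources"].get("addresses", []):
        net = ipaddress.ip_network(entry, strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False

def is_allowed(rules, protocol, port, src_ip):
    """Default deny: traffic passes only if some rule permits it."""
    for rule in rules:
        if rule["protocol"] != protocol or not source_matches(rule, src_ip):
            continue
        low, high = port_span(rule["ports"])
        if protocol == "icmp" or low <= port <= high:   # ICMP has no ports
            return True
    return False

def world_open(rules, sensitive=(22, 3306, 5432, 8080)):
    """List (protocol, ports) rules exposing a sensitive port to any address."""
    findings = []
    for rule in rules:
        if rule["protocol"] == "icmp":
            continue
        low, high = port_span(rule["ports"])
        wide = {"0.0.0.0/0", "::/0"} & set(rule["sources"].get("addresses", []))
        if wide and any(low <= p <= high for p in sensitive):
            findings.append((rule["protocol"], rule["ports"]))
    return findings
```

Here SSH stays restricted to one CIDR, while the broad 8000-9000 range is reported because it exposes port 8080 to every IPv4 address.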
How to edit firewall for a DigitalOcean droplet: Edit or Delete rules
We can edit or delete a rule via the More menu.
In other words, we can opt for Edit Rule or Delete Rule respectively. Note that when we choose Delete Rule, the rule is deleted immediately without any additional prompt.
Conclusion
In brief, we learned how to configure firewall rules for a DigitalOcean droplet under the guidance of the skilled Support Engineers at Bobcares.